Unrestricted Upload of Dangerous File Type in Apache OFBiz
CVE-2025-59118
What is CVE-2025-59118?
CVE-2025-59118 is a vulnerability in Apache OFBiz, an open-source enterprise resource planning (ERP) suite. It is classified as an "Unrestricted Upload of Dangerous File Type," meaning the application accepts uploaded files without adequately restricting their type, so a malicious user can upload files containing harmful content. If exploited, this could lead to serious security breaches such as remote code execution, where an attacker runs arbitrary commands on the server. Organizations running Apache OFBiz could face significant operational disruption, loss of sensitive data, and reputational damage if the vulnerability is not addressed promptly. The vulnerability affects versions prior to 24.09.03, and upgrading to the fixed version is highly recommended to mitigate the risk.
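To make the vulnerability class concrete from the defender's side, the following is an added example (not code from Apache OFBiz or from this advisory) that contrasts the CWE-434 pattern with a hardened upload check. It assumes a hypothetical upload endpoint and a constructed allow-list of three file types; `vulnerable_destination`, `validate_upload`, `store_upload` and the `ALLOWED_TYPES` table are all assumptions made for the illustration. The hardened version allow-lists extensions, verifies the leading bytes and declared Content-Type agree with that extension, rejects server-executable extensions anywhere in the name, discards client-supplied path components, and stores the file under a server-generated name.

```python
import os
import re
import uuid
from dataclasses import dataclass
from typing import Optional

# Constructed allow-list for this example: extension -> (leading magic bytes, expected Content-Type).
# Illustrative policy only, not Apache OFBiz's configuration.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg": (b"\xff\xd8\xff", "image/jpeg"),
    "pdf": (b"%PDF-", "application/pdf"),
}
MAX_BYTES = 5 * 1024 * 1024
# Server-executable extensions anywhere in the name (also catches "a.jsp.png" style double extensions).
EXECUTABLE_EXT = re.compile(r"\.(jsp|jspx|jsw|php|war|sh|exe|ftl|groovy)(\.|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Verdict:
    accepted: bool
    reason: str
    stored_name: Optional[str] = None


def vulnerable_destination(upload_dir: str, client_filename: str) -> str:
    """CWE-434 pattern (hypothetical): the client-supplied name decides both the stored path
    and the extension, and nothing checks the content type. If upload_dir is web-served,
    a server-side script uploaded this way would be executed when requested."""
    return os.path.join(upload_dir, client_filename)


def validate_upload(client_filename: str, declared_type: str, content: bytes) -> Verdict:
    """Hardened check: size limit, allow-listed extension, magic bytes and Content-Type that
    agree with the extension, no client-controlled path component, server-generated name."""
    if len(content) > MAX_BYTES:
        return Verdict(False, "file too large")
    if "\x00" in client_filename:
        return Verdict(False, "null byte in filename")
    # Keep only the final path component, treating both separator styles as separators.
    name = os.path.basename(client_filename.replace("\\", "/"))
    if EXECUTABLE_EXT.search(name):
        return Verdict(False, "server-executable extension")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED_TYPES:
        return Verdict(False, f"extension {ext!r} not in allow-list")
    magic, expected_type = ALLOWED_TYPES[ext]
    if not content.startswith(magic):
        return Verdict(False, "content does not match declared extension")
    if declared_type.split(";")[0].strip().lower() != expected_type:
        return Verdict(False, "Content-Type does not match extension")
    # The stored name is generated server-side; the client name is never used on disk.
    return Verdict(True, "ok", stored_name=f"{uuid.uuid4().hex}.{ext}")


def store_upload(upload_dir: str, client_filename: str, declared_type: str, content: bytes) -> Verdict:
    """Write an accepted upload under upload_dir, assumed to lie outside the web root and to be
    served, if at all, only through a download handler that sets a fixed Content-Type."""
    verdict = validate_upload(client_filename, declared_type, content)
    if verdict.accepted:
        with open(os.path.join(upload_dir, verdict.stored_name), "wb") as fh:
            fh.write(content)
    return verdict


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample: PNG signature plus padding
    samples = [
        ("photo.png", "image/png", png),
        ("../../webapp/page.jsp", "image/png", png),
        ("pic.jsp.png", "image/png", png),
        ("fake.png", "image/png", b"not an image"),
    ]
    for fname, ctype, body in samples:
        print(f"{fname!r}: {validate_upload(fname, ctype, body)}")
```

The decisive differences from the vulnerable pattern are that the extension check is an allow-list rather than a block-list, that the extension is corroborated by the file's leading bytes, and that the on-disk name and directory are chosen by the server. A detection-side check for the same class is to alert on any file with a server-executable extension appearing under a web-served upload directory.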
Potential impact of CVE-2025-59118
- Remote Code Execution: The most critical impact of CVE-2025-59118 is the potential for remote code execution. Attackers can upload malicious files that execute unauthorized commands on the server, allowing them to gain full control over the affected systems.
- Data Breaches: With the ability to execute arbitrary code, attackers could access sensitive data stored on the organization's servers. This compromise could lead to significant data breaches, exposing personal and financial information of customers and employees.
- Operational Disruption: Exploitation of this vulnerability could lead to severe operational issues, including system downtime, loss of service availability, and increased recovery costs. Businesses may face disruptions that affect their capacity to serve customers and maintain normal operations.
Affected Version(s)
Apache OFBiz 0 < 24.09.03